From 4090714ace47f83c4e97b891accef1da6531d31d Mon Sep 17 00:00:00 2001
From: Dan Gowans
Date: Mon, 22 Aug 2022 15:49:08 -0400
Subject: [PATCH] attempt to fix codeql vulnerability

---
 routes/login.js | 24 +++++++++++++-----------
 routes/login.ts | 25 ++++++++++++++-----------
 2 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/routes/login.js b/routes/login.js
index 6bebc755..0b2953c8 100644
--- a/routes/login.js
+++ b/routes/login.js
@@ -4,17 +4,19 @@ import * as authenticationFunctions from "../helpers/functions.authentication.js
 export const router = Router();
 const getSafeRedirectURL = (possibleRedirectURL = "") => {
     const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
-    const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
-        possibleRedirectURL.slice(urlPrefix.length) :
-        possibleRedirectURL).toLowerCase();
-    switch (urlToCheck) {
-        case "/admin/fees":
-        case "/lotOccupancies":
-        case "/lots":
-        case "/maps":
-        case "/workOrders":
-        case "/reports":
-            return urlPrefix + urlToCheck;
+    if (typeof (possibleRedirectURL) === "string") {
+        const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
+            possibleRedirectURL.slice(urlPrefix.length) :
+            possibleRedirectURL).toLowerCase();
+        switch (urlToCheck) {
+            case "/admin/fees":
+            case "/lotOccupancies":
+            case "/lots":
+            case "/maps":
+            case "/workOrders":
+            case "/reports":
+                return urlPrefix + urlToCheck;
+        }
     }
     return urlPrefix + "/dashboard";
 };
diff --git a/routes/login.ts b/routes/login.ts
index 6267a0d4..90252bc8 100644
--- a/routes/login.ts
+++ b/routes/login.ts
@@ -15,19 +15,22 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {
 
   const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
 
-  const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
-    possibleRedirectURL.slice(urlPrefix.length) :
-    possibleRedirectURL).toLowerCase();
+  if (typeof (possibleRedirectURL) === "string") {
+
+    const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
+      possibleRedirectURL.slice(urlPrefix.length) :
+      possibleRedirectURL).toLowerCase();
 
-  switch (urlToCheck) {
-    case "/admin/fees":
-    case "/lotOccupancies":
-    case "/lots":
-    case "/maps":
-    case "/workOrders":
-    case "/reports":
+    switch (urlToCheck) {
+      case "/admin/fees":
+      case "/lotOccupancies":
+      case "/lots":
+      case "/maps":
+      case "/workOrders":
+      case "/reports":
 
-      return urlPrefix + urlToCheck;
+        return urlPrefix + urlToCheck;
+    }
   }
 
   return urlPrefix + "/dashboard";
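Review bot: The `case "/lotOccupancies":` and `case "/workOrders":` labels in the new switch can never match, because `urlToCheck` has been passed through `.toLowerCase()` immediately above while the labels keep their mixed case, so a redirect to either of those pages always falls back to `/dashboard`. The fixed allow-list is the right shape for a redirect sanitizer; to make those two entries live the labels need to be lowercase, `case "/lotoccupancies":` and `case "/workorders":`. The compiled routes/login.js hunk above carries the same labels and needs the same change. Separately, with the `= ""` default TypeScript already types `possibleRedirectURL` as `string`, so the added `typeof` guard only does work if the caller casts a non-string query value into it — worth confirming at the call site. getSafeRedirectURL's opening line and closing brace lie outside this hunk.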